[milters] Archive

Lists Index Date Thread Search

Article: 1680
From: Rose, Bobby
Date: 2007-09-09 10:31:01 -0400
Subject: Re: Milter-error Issue

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Currently I've disabled the use but when I was troubleshooting, I did
have info and database logging enabled and the database logging looked
like it was not finding the tag and match.  Milter-sender isn't having
any problems and the permissions aren't changing between rebuilds of the
access.db  The issue is intermittent with milter-error as it can work
for hours.  And when it doesn't, I see intermittent successes with other
tags and hosts in between the failures which suggest it is still reading
the access file.  My mail files are owned by root:smmsp and the milter
user is a member of the smmsp group.  I also use makemap hash
access<access whenever a rebuild occurs and I don't see any errors in
the logs saying that there is a problem opening the milters.

Also, milter-error doesn't build against the current libsnert since I
assume that since libsnert was common to all the milters that it
probably contained the code for interfacing with the access file.

-----Original Message-----
From: milters-bounce@milter.info [mailto:milters-bounce@milter.info] On
Behalf Of Anthony Howe
Sent: Sunday, September 09, 2007 3:22 AM
To: milters@milter.info
Subject: [milters] Re: Milter-error Issue

Removal...........: milters-request@milter.info?subject=3Dremove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Rose, Bobby wrote:
> I'm still seeing problems with milter-error.  Sometimes it just=20
> doesn't find the tags in the access.db for an excluded host. If I=20
> restart, it

Have you enabled

	verbose=3Dinfo,trace,db

to observe the lookup sequence and see if it finds the entry in
question?

> behaves properly again but the failure rate is just too high as it's

This sounds like a problem with updates made to the access.db file
changing file ownership and/or permissions such that milter-error can no
longer read the file. This would affect milter-sender and all the other
Snert milters equally.

Quick test, touch the access file and rebuild access.db while the
milters are running. If the milter sudden fails to find entries it
previous would find then your access.db rebuild process has a problem.=20
See these articles which cover access.db issues:

http://www.snert.com/Software/ecartis/index.php?go=3D/milters/2006-09/112=
8

http://www.snert.com/Software/ecartis/index.php?go=3D/milters/2006-09/116=
0


> rejecting hosts that I want to exclude.  Is anyone else using=20
> milter-error and seeing this kind of problem?  I don't see this=20
> problem with milter-sender.
>=20
> -----Original Message-----
> In July, I started using milter-error in the hope of dealing with=20
> repeat offenders but sometimes I see that even if I have a
> milter-error-connect: x.x.x  OK for exclusions, I sometimes see
-----------------------^
I trust you are not inserting a space between the tag and IP in your
access.db entry for the left-hand-side key. That would not have the
desired result.

> milter-error not excluding hosts with an IP in that subnet range. =20
> Most of the time it does exclude but occassionally it doesn't.  It can

> go for hours behaving appropriately but then occassionally start=20
> applying the general milter-error offender policy for a short period=20
> of time, then it'll start working fine again (well short of the=20
> cache-ttl).  When I've increased logging, it looks like milter-error=20
> is doing the access.db lookup but doesn't seem to be matching on those

> occassions that it's misbehaving, even if I'm whitelisting the IP=20
> itself.  Is milter-error sensitive to the access.db being rebuilt?  I=20
> do have a process that

Yes. All my milters that use access.db are, including milter-sender.

> looks at the mail logs and dynamically block IP's and remakemap the=20
> access file after being updated.  Milter-sender has never seem to have

> a problem with it, but then it's developmentally more mature.

--=20
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561      Sendmail Milter Solutions
http://www.snert.com/                 
     http://www.snertsoft.com/



Lists Index Date Thread Search